[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1378
  • Last Modified:

ISA 2004 to allow POP & SMTP traffic in and out. HTTP works fine! we cannot access our internet mail using Outlook client

We are a small company and our mail are hosted by Yahoo Business Email. We have installed and configured ISA 2004 on our network and the HTTP traffic is setup sucessfully, it is allowed through. The users can access their mail through HTTP but not through POP or SMTP using Outlook. I don't know where to configure ISA 2004 to allow POP & SMTP traffic. I have setup Rules for incoming and outgoing pop & smtp and allowed all users but still no luck! Can anyone tell me what I'm doing wrong? The ISA 2004 is running on a Win2003 and is added to the DC.
0
HOPEWW
Asked:
HOPEWW
  • 5
  • 5
1 Solution
 
hbustanCommented:
Did you verify whether POP and SMTP works from anywhere else outside of your company and domain?

Perhaps it is not enabled from Yahoo in the 1st place?
0
 
HOPEWWAuthor Commented:
We used a Linux Firewall before installing ISA 2004 and it was accessable via our Outlook clients then, and we did get our pop and smtp details (pop.bizmail.yahoo.com ; smtp.bizmail.yahoo.com) from yahoo themselves. So it did work, and now nothing!
0
 
hbustanCommented:

Try adding a rule (for everyone) in your ISA to allow pop3 & smtp for all trafic coming from your internal network and going out.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
HOPEWWAuthor Commented:
Have done that! Do I need to create a rule for incoming aswell? What I've done is to create a pop rule from internal to external for all users. Do I need to copy this rule for external to internal for all users as well?
0
 
hbustanCommented:
I don't believe so, since these are TCP connections which means once the connection is established, 2-way communication is possible.

Try "Telnet pop.bizmail.yahoo.com 110" from command prompt
also try "Telnet 68.142.224.70 110" if above line fails (if this works but not the previous, then it is a DNS issue)

You should get something like this:

+OK hello from popgate on pop107.biz.mail.re2.yahoo.com 2.38.1


If you don't then perhaps you have other rules in your firewall that is overriding the rule to open port 110 (POP3)

Perhaps you have personal firewalls installed on your clients that might be blocking this as well

0
 
HOPEWWAuthor Commented:
In my ISA Network Rules section: The Internet Access rule provide 2 options under network relationships: NAT and Route, the default is NAT do I keep it on NAT or do I change it to Route?
0
 
hbustanCommented:
Hmmm, it depends on your network and what you want but I'm not sure if it affects the way SMTP and POP3 work or not. In our case we have it set to Route.

Route assumes that your clients have a valid Public Internet IP address not: 192.x.x.x or 10.x.x.x

If you do have a valid IP, maybe it is worth trying although I don't know how many users might be affected from this change at your end.
0
 
HOPEWWAuthor Commented:
Thanks so much for your help regarding this issue, you made me think again..... The ISA server was set to Route and not NAT. All my rules are setup correctly, and after changing the option from Route to NAT it all worked just fine. One last question, is there any security risks having this option enabled?
0
 
hbustanCommented:
I couldn't say there is no security risk whatsoever, but as long as your firewall has its rules set correctly and that you have blocked unwanted access on your firewall, then this minimizes the risks.

I would say NAT has one advantage over Route in a Security sense; namely, your actual client IPs will be unreachable from outside in a direct sense; but still once a communication link is established from a client PC, the other end will have some means in communicating back.

I think this is a personal preference more than a security concern as there are also many advantages of routing IPs instead of NATing as well but these advantages are not security related.
0
 
HOPEWWAuthor Commented:
Thanks so much for your help nd expertise helping us. Your time is much appreciated
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now